
How can I remove "tdlwsp.dll" rootkit?

Zone Alarm virus scan detected the following virus, but gives an error when I try to remove it:
"Memory: was found in \\?\globalroot\device\ide\ideport1\owprppbw\owprpp bw\tdlwsp.dll on 9/21/2009 7:35:32"

The virus seems to be a browser hijacker. When I click on a web link, I usually get taken to some other site, often a shopping or advertising site, rather than the link I clicked on.

What can I do to remove this virus from my system? Thanks for your help.

Re: How can I remove "tdlwsp.dll" rootkit?

I followed the steps in the Sticky note, but I've still got the virus. Zone Alarm detects it, but can't remove it (still gives an error). MBAM detects it, says it will remove it on reboot, but the virus is still there after I reboot (I know this because MBAM detects it again after I reboot and run a scan, and my browser continues to be hijacked). Super-antispyware doesn't detect it.

I'm currently running Zone Alarm 8. Do you think Zone Alarm 9 would be able to remove it? Any other ideas on how I can get rid of this virus?

Re: How can I remove "tdlwsp.dll" rootkit?

Joe:

I've got a machine suffering from a similar RAM-resident dll virus/trojan. Mine hijacks the default browser to fake AV ransomware web sites. I've been unsuccessful in cleaning it, and I believe that there is ultimately only the final solution: wipe the hdd and reinstall.

I could be mistaken, but I'm pretty sure that this type of trojan has been built with the old RAM-resident viruses' capacity of hiding in RAM until shutdown, then writing to the hard drive, possibly even to the boot area. It's been so long since I've dealt with these, I've forgotten how they worked!

Regardless, this is not usually the answer somebody prefers to hear (reboot from CD, format, and reinstall), but it may be your best solution.